InfoSec News

One of the great things about open source software is that it doesn't just bring a wealth of benefits to businesses. Rather, by making low-cost, high-quality software widely available to everyone, it also has the potential to change lives around the world.
 
The Bookeen Cybook Orizon joins a growing group of ebook readers with built-in Wi-Fi, which allows you to download material without having to hook the device up to a PC. The $240 (as of August 5, 2011) Orizon also has a 6-inch touchscreen electronic-paper display, which makes for easy and intuitive menu navigation, text selections, and page turns using your fingertip.
 
In the debate over whether executives can learn to be great leaders, Robert Steven Kaplan of Harvard Business School is in the camp that believes they can. In his work with C-level executives, he finds a useful way to begin the leadership journey is by asking the right questions -- of themselves and their subordinates.
 
Bookeen's latest iteration of its Cybook Opus (originally reviewed last year) puts a little spit and polish on the original, which was one of the skinniest and lightest e-readers available. At 5.3 ounces, the new Opus retains the featherweight crown, but the current Sony Reader Pocket Edition almost matches it at 5.5 ounces--and that model offers an easier-to-navigate touchscreen. On top of that, the Opus's $190 price remains steeper than most (though competitive with Sony).
 
The Origin EON 17-S is unabashedly a desktop replacement laptop. It's big and bulky, though it weighs a bit less than older, similar systems at a little over 8.5 pounds without the power brick. (Note that the large, 220W power supply weighs about 2.5 pounds all by itself.) On the surface, it's a generic 17-inch laptop with some additional amenities, such as a discrete Nvidia GTX 460M GPU, a high-performance solid-state drive, and the top-of-the-line Core i7-2920XM quad-core processor from Intel's 32nm Sandy Bridge CPU series.
 
F-Secure blogged about a new Trojan for Mac OS X
http://www.f-secure.com/weblog/archives/00002206.html

It relies on the fact that, because of the dispute between Adobe and Apple, Apple's latest Mac OS X version, Lion, ships without a Flash player, which makes it less likely that users find it strange to have to install it separately.



This is DNS-changer-type malware that modifies the hosts file to redirect Google sites to 91.224.160.26, which appears to be in the British Virgin Islands.



inetnum: 91.224.160.0 - 91.224.161.255
netname: Bergdorf-network
descr: Bergdorf Group Ltd.
country: NL
org: ORG-BGL9-RIPE
admin-c: AJ2256-RIPE
tech-c: AJ2256-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-lower: RIPE-NCC-END-MNT
mnt-by: AINT-MNT
mnt-routes: AINT-MNT
mnt-domains: AINT-MNT
source: RIPE # Filtered

organisation: ORG-BGL9-RIPE
org-name: Bergdorf Group Ltd.
org-type: other
address: 3A Little Denmark Complex, 147 Main Street, PO Box 4473, Road Town, Torola, British Virgin Islands VG1110
admin-c: AJ2256-RIPE
tech-c: AJ2256-RIPE
mnt-ref: AINT-MNT
mnt-by: AINT-MNT
source: RIPE # Filtered

person: Agnes Jouaneau
address: A Little Denmark Complex, 147 Main Street, PO Box 4473
address: Road Town, Torola, VG1110
address: British Virgin Islands
phone: +44 20 81333030
fax-no: +44 20 81333030
abuse-mailbox: [email protected]
nic-hdl: AJ2256-RIPE
mnt-by: aint-mnt
source: RIPE # Filtered

% Information related to '91.224.160.0/23AS51430'
route: 91.224.160.0/23
descr: Bergdorf Group Ltd.
origin: AS51430
mnt-by: AINT-MNT
source: RIPE # Filtered



When I asked that server where google was, it gave me an interesting response. It is still providing fake replies to DNS queries for google.


lserver 91.224.160.26
Default server: 91.224.160.26
Address: 91.224.160.26#53
google.com
Server: 91.224.160.26
Address: 91.224.160.26#53

Name: google.com
Address: 91.224.160.26



Watching for UDP port 53 packets towards that IP might be a good idea.
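As an added illustration of the two detection points above (a tampered hosts file pinning Google names to a routable address, and UDP/53 traffic towards that address), the following Python is not from the diary or from F-Secure. The hosts file contents and the flow records are constructed samples; the only value taken from the page is the 91.224.160.26 address quoted above.

```python
import ipaddress

# Address the diary reports as the redirect target (taken from the page above)
KNOWN_BAD_RESOLVER = "91.224.160.26"

# Constructed sample hosts file modelled on what the diary describes; not a real capture
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
91.224.160.26   google.com www.google.com   # injected lines (constructed)
91.224.160.26   google.co.uk
"""

# Constructed flow records "proto src dst dport"; the 10.1.195.0/24 clients are made up
SAMPLE_FLOWS = [
    "udp 10.1.195.50 8.8.8.8 53",
    "udp 10.1.195.51 91.224.160.26 53",
    "tcp 10.1.195.51 91.224.160.26 80",
    "udp 10.1.195.52 91.224.160.26 53",
]


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                            # malformed line, ignore it
        for name in parts[1:]:
            entries.append((parts[0], name.lower()))
    return entries


def suspicious_hosts_entries(text, watch_suffixes=("google.com", "google.co.uk")):
    """Hosts entries that pin a watched domain to a routable (non-loopback) address.

    A normal hosts file has no reason to carry an entry for Google at all; any such
    line that points somewhere other than loopback is the tampering the diary describes.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue
        if any(name == s or name.endswith("." + s) for s in watch_suffixes):
            flagged.append((name, ip))
    return flagged


def flows_to_bad_resolver(flows, bad_ip=KNOWN_BAD_RESOLVER):
    """Source hosts sending UDP/53 to the rogue resolver: the watch the diary suggests."""
    hits = []
    for rec in flows:
        proto, src, dst, dport = rec.split()
        if proto == "udp" and dst == bad_ip and dport == "53":
            hits.append(src)
    return hits


if __name__ == "__main__":
    for name, ip in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts file pins {name} to {ip}")
    for src in flows_to_bad_resolver(SAMPLE_FLOWS):
        print(f"{src} is querying {KNOWN_BAD_RESOLVER} over UDP/53")
```

On a real system you would feed `suspicious_hosts_entries` the contents of /etc/hosts (or the Windows equivalent) and `flows_to_bad_resolver` the flow or firewall log in whatever format you have; only the four-field record parser would need adjusting.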



UPDATE/CORRECTION:
While the whois information points to the British Virgin Islands, a traceroute gave me a very different answer.

Tracing route to 91.224.160.26 over a maximum of 30 hops

1 75 ms 1 ms 1 ms 10.1.195.3
SNIP
14 236 ms 147 ms 138 ms Open-Peering-Amsterdam.Te3-3.ar7.AMS2.gblx.net [208.50.237.194]
15 350 ms 139 ms 138 ms jt.altushost.com [217.170.19.60]
16 138 ms 142 ms 142 ms 91.224.160.26

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
NASA on Friday launched an unmanned probe to Jupiter in a search to find out what is underneath the planet's swirling cover of clouds.
 
I'm a big fan of using multiple monitors. From a productivity standpoint alone, you can't beat keeping your browser open on one monitor and your e-mail client on another. Or your spreadsheet here and your word processor there. You get the idea.
 
The U.S. Federal Bureau of Investigation on Friday introduced its first mobile app: an iPhone application aimed at helping parents whose children go missing.
 
Uli Mrose updated Windows Explorer to version 9, but didn't like it. Here's how to bring back IE8.
 
The FCC announces award winners in its competition to design tools to measure broadband network management.
 
Microsoft this week urged users to keep an oft-criticized Windows security feature turned on, even as it said that more malware is disabling the tool.
 
The Kingston Wi-Drive is a neat idea but could do with some polishing.
 
A federal judge yesterday granted Apple's request for a preliminary injunction and issued a temporary restraining order against several retailers for infringing Apple's trademark, according to court documents.
 
Expanding the field of complex event processing software with another offering, Twitter will release as open source its software for analyzing live large-scale data streams, called Storm.
 
Sprint's first sub-$100 4G smartphone, the Samsung Conquer 4G, goes on sale Aug. 21.
 
Two security companies are questioning claims that a cyber espionage campaign uncovered by a rival firm was sophisticated or even extraordinary.
 
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
We have now been collecting for about a week, and I think it is time to give everybody a quick update on the project. Thanks to all the submissions so far. We do have some initial results, just not enough to automate the reports quite yet. But there are now clients for Perl, Python and ASP! (thanks to the contributors)
Some of the most common scans target:

WordPress. We do have a good number of reports coming in for wp-login.php :-)
apple-touch-icon files (there are a number of different ones for different resolutions). This is just like a favicon, but used by Apple's iOS devices. With them becoming more and more popular, you may want to set one up.
crossdomain.xml - this file is used by Flash and Silverlight to communicate your cross-domain policies. We have talked about the file before. It is a good idea to have a minimal one in place that restricts access (this is the default for up-to-date Flash players).
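An added example, not the 404 project's own client code: a small Python classifier that runs over constructed access-log lines and tallies 404s by the scan categories listed above (wp-login.php, the apple-touch-icon variants, crossdomain.xml). The log lines, timestamps and client addresses are made up (documentation IP ranges); only the path patterns come from the diary.

```python
import re
from collections import Counter, defaultdict

# Constructed access-log lines in Common Log Format; these are not real 404 project
# submissions, and the client IPs are documentation ranges
SAMPLE_LOG = """\
203.0.113.7 - - [05/Aug/2011:10:01:12 +0000] "GET /wp-login.php HTTP/1.1" 404 512
203.0.113.7 - - [05/Aug/2011:10:01:13 +0000] "GET /blog/wp-login.php?redirect_to=/ HTTP/1.1" 404 512
198.51.100.20 - - [05/Aug/2011:10:02:01 +0000] "GET /apple-touch-icon.png HTTP/1.1" 404 210
198.51.100.20 - - [05/Aug/2011:10:02:01 +0000] "GET /apple-touch-icon-precomposed.png HTTP/1.1" 404 210
198.51.100.20 - - [05/Aug/2011:10:02:02 +0000] "GET /apple-touch-icon-114x114.png HTTP/1.1" 404 210
192.0.2.9 - - [05/Aug/2011:10:03:30 +0000] "GET /crossdomain.xml HTTP/1.1" 404 190
192.0.2.9 - - [05/Aug/2011:10:03:31 +0000] "GET /index.html HTTP/1.1" 200 3041
192.0.2.9 - - [05/Aug/2011:10:03:32 +0000] "GET /old/page.html HTTP/1.1" 404 190
"""

# Common Log Format: client, ident, user, [timestamp], "request line", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# The scan categories the diary lists, expressed as path patterns (query strings are
# stripped before matching)
CATEGORIES = [
    ("wordpress-login",    re.compile(r"(^|/)wp-login\.php$")),
    ("apple-touch-icon",   re.compile(r"(^|/)apple-touch-icon(-\d+x\d+)?(-precomposed)?\.png$")),
    ("crossdomain-policy", re.compile(r"^/crossdomain\.xml$")),
]


def parse_404s(text):
    """Return (client_ip, path) for every line with a 404 status; unparsable lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        path = m.group("path").split("?", 1)[0]   # ignore the query string
        hits.append((m.group("ip"), path))
    return hits


def classify(path):
    """Map a requested path to one of the diary's scan categories, or 'other'."""
    for name, pattern in CATEGORIES:
        if pattern.search(path):
            return name
    return "other"


def summarize_404s(text):
    """Count 404s per category: a local version of what the 404 report page aggregates."""
    return dict(Counter(classify(path) for _, path in parse_404s(text)))


def sources_by_category(text):
    """Which client addresses produced each category of 404 (sorted, de-duplicated)."""
    sources = defaultdict(set)
    for ip, path in parse_404s(text):
        sources[classify(path)].add(ip)
    return {cat: sorted(ips) for cat, ips in sources.items()}


if __name__ == "__main__":
    for cat, n in sorted(summarize_404s(SAMPLE_LOG).items()):
        print(f"{cat:20s} {n:4d}  from {', '.join(sources_by_category(SAMPLE_LOG)[cat])}")
```

The "other" bucket is worth watching too: a site with an apple-touch-icon and a restrictive crossdomain.xml in place will see those categories drop to zero, leaving the genuinely odd requests easier to spot.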

Please keep the reports coming, and please install the client code on your error page if you haven't yet. Once you have installed it, you can verify that your submissions are working by logging in and going to the 404 report page.
 
When McAfee released its Operation Shady Rat hacking report earlier this week, it didn't name all of the organizations it thought could have been hacked as part of a large, five-year ongoing campaign. Yours might be one of them.
 

Global Network and Data-security Spending will Exceed $10 billion by 2016
ECNmag.com
... security industry whilst incorporating three specialized showcases; Data Storage Showcase 2012, Cloud Computing Showcase 2012, and Software Development Showcase 2012. This event is also due to run concurrently with the InfoSec Asia 2012 conference.

 
A reportedly serious security bug affecting the J2EE (Java 2 Platform Enterprise Edition) engine in SAP's NetWeaver middleware will be patched soon, SAP said Friday.
 
The strange e-mails arrived in executives' inboxes around the same time that the Australian oil company was negotiating a deal with a Chinese energy company.
 
The official newspaper of China's ruling communist party dismissed security vendor McAfee's report that a state sponsored group was behind the massive cyberattack that penetrated 72 companies and organizations, calling the claims groundless.
 
It's getting easier for strangers to identify people and infer detailed information about them from their publicly available pictures on sites such as Facebook and LinkedIn, a researcher said at Black Hat.
 
Apple Mac OS X QuickTime (CVE-2011-0213) Buffer Overflow Vulnerability
 
Apple QuickTime (CVE-2011-0186) JPEG2000 Image Multiple Memory Corruption Vulnerabilities
 
Apple Mac OS X QuickTime Movie File Handling Memory Corruption Vulnerability
 
Apple Mac OS X Quicktime (CVE-2011-0209) Integer Overflow Vulnerability
 
Learn how to use HTML5 to plot points on a map and determine current position -- especially useful for mobile apps.
 
For most security teams, it’s still a struggle to find money for secure application development, according to a panel of Black Hat 2011 experts.

 
A researcher says poor Sophos software security leaves many open doors, notably cryptographic and attack-mitigation weaknesses in Sophos’ AV engine.

 